Method and system for using a web service license

ABSTRACT

A method and system are provided such that a universal license may be used for authentication and authorization purposes and may include one or more cryptographic keys as well as assertions and related indications of authenticity. In an aspect of the invention, a license may be presented that includes access information, such that authentication and authorization decisions may be made based only on the access information. In other aspects of the invention, rights may be delegated and a trusted party may assert that another party can be trusted.

FIELD OF THE INVENTION

[0001] The present invention relates to a system and a method for providing authentication and authorization data. More specifically, the invention relates to enabling web services to process authentication and authorization data.

BACKGROUND OF THE INVENTION

[0002] Today's credential formats do not offer the flexibility to meet the needs of high-scale/high-availability web services. For example, X.509 is very good for asymmetric key authentication, but is very difficult to use for anything else. One reason for this is that X.509 is based on Abstract Syntax Notation One (ASN.1) and requires compiling of specialized code to process an X.509 license. X.509 allows extensions, but the extensions are limited and not widely supported. Kerberos is another common format which focuses on arbitrated authentication using symmetric keys, but is not designed to be used for other types of authentication. Kerberos has an extensibility field, but there are no conventions or interoperability. eXtensible rights Markup Language (XrML), version 1, is limited because it doesn't support delegation and many other concepts and focuses on digital rights management.

[0003] Thus, there is a need for a format that can be used for different authentication and authorization purposes and that provides the flexibility to meet the demands of high-scale/high-availability web services.

BRIEF SUMMARY OF THE INVENTION

[0004] The present invention addresses the above-mentioned problems by providing flexible credential formats for meeting the needs of high-scale/high-availability web services. The present invention introduces the concept of a universal license. A universal license may be used for authentication and authorization purposes and may include one or more cryptographic keys as well as assertions and related indications of authenticity.

[0005] In an aspect of the invention, a universal license includes at least one addressable portion. Each addressable portion may include one or more assertions or one or more indications of authenticity, such as a digital signature. The license may be formatted such that assertions and indications of authenticity may be added to the license without affecting existing assertions and indications of authenticity.

[0006] In an aspect of the invention, a license may be presented that includes prefetched access information, such that authentication and authorization decisions may be made based only on the access information.

[0007] In other aspects of the invention, rights may be delegated, such that a party may delegate his right to access a resource. The delegations may be restricted to a specific number of times the resource may be accessed, or the access may be allowed only during a specific time period or time window, or access may be permitted only for a specific use, for example, only permitting access to a party's calendar to check the party's free time. Further, a party with delegated rights may sub-delegate aspects of the delegated rights subject to restrictions.

[0008] In other aspects of the invention, a trusted party may assert that another party can be trusted.

BRIEF DESCRIPTION OF THE DRAWINGS

[0009] The present invention is described with respect to the accompanying figures, in which like reference numerals identify like elements, and in which:

[0010] FIG. 1 shows an exemplary operating environment of the invention;

[0011] FIGS. 2A-2D show examples of portions of licenses described in eXtensible Markup Language (XML);

[0012] FIG. 3 shows an example of a portion of a license having assertions;

[0013] FIG. 4 shows an example of a portion of a license in which rights are delegated;

[0014] FIG. 5 shows an example of a license having a signature that specifically identifies assertions;

[0015] FIG. 6 illustrates an exemplary system for practicing an embodiment of the invention;

[0016] FIG. 7 illustrates an exemplary embodiment in which a license can be used to maintain anonymity;

[0017] FIG. 8 is a functional diagram illustrating the functions of an exemplary processing device for practicing an aspect of the invention;

[0018] FIG. 9 is a functional diagram illustrating the functions of an exemplary processing device for practicing a second aspect of the invention; and

[0019] FIG. 10 is a functional diagram illustrating the functions of an exemplary processing device for practicing a third aspect of the invention.

DETAILED DESCRIPTION

[0020] Operating Environment

[0021] Aspects of the present invention are suitable for use in an environment of networked computer devices. Embodiments of the present invention may comprise special purpose and/or general purpose computer devices that each may include standard computer hardware, such as a central processing unit (CPU) or other processing means for executing computer executable instructions, computer readable media for storing executable instructions, a display or other output means for displaying or outputting information, a keyboard or other input means for inputting information, and so forth. Examples of suitable computer devices include hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like.

[0022] The above-mentioned computer readable media can be any available media which can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired executable instructions and which can be accessed by a general purpose or special purpose computer. Combinations of the above should also be included within the scope of computer readable media. Executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions.

[0023] FIG. 1 illustrates an exemplary operating environment in which the invention may be implemented. System 100 is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. System 100 is shown as including a communications network 102. The specific network implementation used can be comprised of, for example, any type of local area network (LAN) and associated LAN topologies and protocols; simple point-to-point networks (such as direct modem-to-modem connection); and wide area network (WAN) implementations, including public Internets and commercial based network services such as Microsoft® Network. Systems may also include more than one communication network, such as a LAN coupled to the Internet.

[0024] Elements 104, 106, 108 and 110, which may be separate computer devices or combined devices, may be coupled to communications network 102 through communication devices. Network interfaces or adapters may be used to connect computer devices 104, 106, 108 and 110 to a LAN. When communications network 102 includes a WAN, modems or other means for establishing communications over WANs may be utilized. Computer devices 104, 106, 108 and 110 may communicate with one another via communication network 102 in ways that are well known in the art. The existence of any of various well-known protocols, such as TCP/IP, Ethernet, FTP, HTTP and the like, is presumed.

[0025] Elements 104, 106, 108 and 110 may exchange content, applications, messages and other objects via communications network 102.

[0026] Description of Embodiments

[0027] This invention introduces the concept of a “universal license”. A universal license can be used for different authentication and authorization purposes. The universal license can be used as a multipurpose license for both authentication and authorization and can have additional information added.

[0028] FIG. 2A illustrates a portion of a license described in eXtensible Mark-up Language (XML). XML is provided as an example of one language that may be used to describe licenses. The invention is not limited to only XML. For example, any language that supports extensible property->value mappings with referencing and nesting would be suitable. The license may contain one or more sets of related assertions followed by an indication of authenticity, related to one or more of the sets of related assertions, proving that the assertion(s) came from a specific source. The indication of authenticity may be a digital signature, as is well known in the art. Although FIG. 2 shows only one assertions section and one signatures section, there may be multiple assertions sections (or multiple sections with different names containing assertions) and multiple signature sections (or multiple sections containing signatures). Further, any of the signature sections may include one or more signatures that sign other signatures. In an embodiment, one section may contain assertions and signatures, such that related signatures follow one or more related assertions.

[0029] An assertion is a statement that the license provides. These statements are intended to be used for a variety of purposes, including security, if the recipient determines that the statements are trusted. An example of an assertion is, “all Microsoft Research employees are Microsoft employees.” The assertion can be authenticated by a signature, or other method, that allows the recipient to verify the source of the assertion. For example, the above assertion may be signed by Microsoft Human Resources. An assertion can be any statement of purported fact, such as identification, address, height, weight, etc.

[0030] FIGS. 2B-2D illustrate other exemplary licenses. FIGS. 2B-2D illustrate that licenses may have assertions with IDs, for example, “Claim ID=1”. Further, signatures may also have IDs, such as “Signature ID=1”. Further, as FIGS. 2B-2D illustrate, a reason can be associated with a signature along with IDs that refer back to one or more related assertions or claims.

[0031] The format illustrated in FIGS. 2A-D allows different parties or authorities to sign or countersign licenses for different reasons. See, for example, 240 in FIG. 2D, which shows two signatures referring to different claims or assertions and different reasons (reason x and reason y). As an example, party A may assert an identity of “John Smith” and provide a digital signature corresponding to the assertion, while party B may assert the validity of John Smith's identity and provide a digital signature.

[0032] The format also allows for a trusted party to assert that another party can be trusted. For example, if party A is a trusted party, then party A can assert or claim, “you can trust party B”, with a corresponding digital signature of party A and a reason.

[0033] FIG. 3 provides an example of an assertion. The assertion may include a statement describing a key type, such as an asymmetric key or a symmetric key, and a name, in order to make a statement about a label for identifying a holder of a license. The keys may or may not be encrypted. Further, multiple names could be asserted, and the keys may be targeted at different recipients, at the same recipients, or some of the keys may be targeted at the same recipients while other keys are targeted at different recipients. Further, one or more statements may be made asserting right(s), capability(ies), or permission(s). As an example, suppose that a license is being given to parties A, B and C. A single license may be used and thus, the keys for each of A, B and C are included in the license, encrypted for each recipient. The same license may be re-used because, for example, the same assertions may apply to all three parties and the parties may be related in some way (e.g., different services of the same site).

[0034] In today's systems, when one party requires access to a resource to which another party has access, this can be accomplished via the use of ACLs or via impersonation. That is, one party can impersonate another party when attempting to access the resource in order to gain access. These solutions, however, cause problems regarding replication and granularity. For example, most ACLs are at the Read, Write and Delete level. Another big problem is traceability. For example, it may be difficult to determine who is logged in. Usually the party that is logged in is the impersonated entity, not the impersonating identity acting on behalf of the impersonated entity.

[0035] Further, impersonation may have problems with timing. Current impersonation techniques are constrained to the original time scope of the authentication mechanism. No tighter timing can be defined. Thus, for example, it is difficult, if not impossible, to use impersonation to give a party access to a resource for a specific time, such as only during a twenty minute time interval on a particular day. As described below, delegation solves this timing issue. In addition, impersonation creates other problems, such as auditing problems, because identities are lost.

[0036] Delegation allows one party to transfer its rights to another party with respect to time, usage and restrictions. FIG. 4 provides an example of a delegation. For example, Bob gives Joe the right to look at his free time on Tue and schedule a single appointment. This example would be impossible to achieve with ACLs today because of timeliness and granularity issues. Further, the delegation may include conditions or restrictions that define or limit the conditions under which delegation can occur, define or limit the scope or use of delegation, or contain additional information that should be used during the delegation. The restrictions may be specified by a computer processing language, for example, a compiled language, such as Java, C, C++, C#; a scripting language, such as jscript and ecmascript; an interpreted language, such as basic; or an intermediate language, such as java bytecode, Microsoft IL (MSIL), and p-code. As an example of this feature, a function may be asserted to run on a message. In this example, a value of TRUE must be returned as a way to validate specific aspects of the message. Common conditions for delegation include, but are not limited to:

[0037] Time periods or number of times a particular action may be allowed, such as “may read file X one time” or “may read file X only during the period between 7 AM and 8 AM”

[0038] Depth (number of sub-delegations allowed), such as “cannot be sub-delegated.” Note, the sub-delegation can contain its own set of conditions or restrictions such as “can be sub-delegated to individuals meeting these criteria” or can only be sub-delegated to a particular individual or group.

[0039] Delegation targets (to whom rights can or cannot be delegated)

[0040] Delegation rights that the target must have or must not have. As an example, delegation to party X is allowed if X has a particular right, such as a “purchase order right”, or delegation to party X is not allowed if X has a “bad credit” assertion.

[0041] Specific cryptographic keys to “introduce delegates” (encrypted for the ultimate target(s)). As an example, suppose A is delegating to B the right to talk to C. A and B share a secret key “Sab” and A and C share a secret “Sac”. A can authenticate and “introduce” B to C by giving B a secret key “Sbc” encrypted using key “Sab” and key “Sbc” encrypted using key “Sac” to give to C. B passes the secret key to C and informs C that the key is from A. C can extract Sbc and know that it came from A.

[0042] Identity or logging trail for delegates, such as “Actions performed by delegate must be signed by this key and the delegate's key”.

[0043] Other conditions or restrictions are also possible and the above are provided simply for illustrative purposes.
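The key-introduction condition of paragraph [0041] above, carried through as an added Python example (this is not code from the patent). The names S_ab, S_ac and S_bc follow the paragraph; the HMAC-SHA256 based wrap/unwrap is an assumption standing in for whatever symmetric encryption a deployment would use, chosen so the example runs with the standard library only.

```python
import hashlib
import hmac
import os

# Toy authenticated wrapping under a shared secret (encrypt-then-MAC built from
# HMAC-SHA256). It stands in for a real AEAD such as AES-GCM; the protocol logic
# below does not depend on this choice.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrapped key failed authentication")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


# --- the introduction: A shares S_ab with B and S_ac with C -----------------
def a_introduce(s_ab, s_ac):
    """A mints S_bc and wraps it twice: one copy B can open, one copy only C can open."""
    s_bc = os.urandom(32)
    return wrap(s_ab, s_bc), wrap(s_ac, s_bc)


def b_forward(s_ab, copy_for_b, copy_for_c):
    """B recovers S_bc from its copy and hands C's copy on, stating it came from A."""
    s_bc = unwrap(s_ab, copy_for_b)
    message_to_c = {"introducer": "A", "delegate": "B", "wrapped_key": copy_for_c}
    return s_bc, message_to_c


def c_accept(s_ac, message):
    """C opens the copy with S_ac; success proves the holder of S_ac (A) issued it."""
    return unwrap(s_ac, message["wrapped_key"])


def run_introduction():
    s_ab, s_ac = os.urandom(32), os.urandom(32)       # constructed long-term secrets
    for_b, for_c = a_introduce(s_ab, s_ac)
    s_bc_at_b, msg = b_forward(s_ab, for_b, for_c)
    s_bc_at_c = c_accept(s_ac, msg)
    return s_bc_at_b == s_bc_at_c                       # both ends now share S_bc


def unauthorized_introduction_rejected():
    """Without S_ac nobody can introduce a delegate to C: the wrapped key fails to open."""
    s_ac = os.urandom(32)
    bogus = {"introducer": "A", "delegate": "X",
             "wrapped_key": wrap(os.urandom(32), os.urandom(32))}
    try:
        c_accept(s_ac, bogus)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("introduction succeeded:", run_introduction())
    print("unauthorized introduction rejected:", unauthorized_introduction_rejected())
```

Note what C actually learns: only that the holder of S_ac vouched for whoever can use S_bc. Binding the delegate's name into the wrapped copy (as associated data under the MAC) would additionally let C check that the bearer is the named delegate, which the paragraph leaves to the surrounding license assertions.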

[0044] Further, a trusted party may indicate conditions under which another party may be trusted or not trusted. For example, trusted party A may assert, “you can trust party B only related to access of file X”. As another example, trusted party A may assert, “you can trust party C unless party C is trying to access service Y”. As a third example, trusted party A may assert, “you can trust http://example.com so long as it is making statements about namespaces within http://example.com”.
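The delegation conditions of paragraphs [0036]-[0043], as an added Python example that is not the patent's code: a Delegation record carries the time window, use count, sub-delegation depth, allowed targets and required/forbidden assertions of the list above, and every link of a sub-delegation chain is re-checked on each use, so a restriction imposed by the original delegator survives sub-delegation. The FIG. 4 scenario (Bob lets Joe schedule a single appointment on Tuesday) is the constructed input; the party names, assertion labels, right strings and the date are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, Optional


@dataclass
class Delegation:
    """One link in a delegation chain; field names are assumptions, not the patent's."""
    delegator: str
    delegate: str
    right: str                                   # e.g. "calendar:schedule"
    not_before: Optional[datetime] = None        # time window ([0037])
    not_after: Optional[datetime] = None
    max_uses: Optional[int] = None               # times the action may be taken ([0037])
    max_depth: int = 0                           # further sub-delegations allowed ([0038])
    allowed_targets: FrozenSet[str] = frozenset()       # who may receive a sub-delegation ([0039])
    required_assertions: FrozenSet[str] = frozenset()   # delegate must hold all ([0040])
    forbidden_assertions: FrozenSet[str] = frozenset()  # delegate must hold none ([0040])
    parent: Optional["Delegation"] = None
    uses: int = 0


def _chain(d):
    while d is not None:
        yield d
        d = d.parent


def check(d, holds, now):
    """Validate every link back to the original delegator; returns (ok, reason)."""
    for link in _chain(d):
        if link.not_before and now < link.not_before:
            return False, "%s: not yet valid" % link.delegate
        if link.not_after and now > link.not_after:
            return False, "%s: window expired" % link.delegate
        if link.max_uses is not None and link.uses >= link.max_uses:
            return False, "%s: use count exhausted" % link.delegate
        have = holds(link.delegate)
        if not link.required_assertions <= have:
            return False, "%s: missing required assertion" % link.delegate
        if link.forbidden_assertions & have:
            return False, "%s: holds a forbidden assertion" % link.delegate
    return True, "ok"


def sub_delegate(parent, target, not_after=None, max_uses=None):
    """Narrow the parent's grant for a new delegate; depth and target rules come from the parent."""
    if parent.max_depth < 1:
        raise PermissionError("cannot be sub-delegated")
    if parent.allowed_targets and target not in parent.allowed_targets:
        raise PermissionError("%s is not an allowed delegation target" % target)
    ends = [t for t in (parent.not_after, not_after) if t is not None]
    caps = [u for u in (parent.max_uses, max_uses) if u is not None]
    return Delegation(
        delegator=parent.delegate, delegate=target, right=parent.right,
        not_before=parent.not_before, not_after=min(ends) if ends else None,
        max_uses=min(caps) if caps else None, max_depth=parent.max_depth - 1,
        allowed_targets=parent.allowed_targets,
        required_assertions=parent.required_assertions,
        forbidden_assertions=parent.forbidden_assertions, parent=parent)


def exercise(d, right, holds, now):
    """Use the delegated right once; every link in the chain consumes a use."""
    if right != d.right:
        return False, "right %r was not delegated" % right
    ok, why = check(d, holds, now)
    if ok:
        for link in _chain(d):
            link.uses += 1
    return ok, why


def demo():
    tuesday = datetime(2024, 1, 2)                      # constructed date (a Tuesday)
    assertions = {"Joe": frozenset({"employee"}),
                  "Ann": frozenset({"employee", "assistant"}),
                  "Eve": frozenset({"bad credit"})}

    def holds(party):
        return assertions.get(party, frozenset())

    def at(hour):
        return tuesday + timedelta(hours=hour)

    # FIG. 4: Bob lets Joe schedule one appointment on Tuesday, sub-delegable once.
    bob_to_joe = Delegation("Bob", "Joe", "calendar:schedule",
                            not_before=tuesday, not_after=tuesday + timedelta(days=1),
                            max_uses=1, max_depth=1,
                            allowed_targets=frozenset({"Ann", "Eve"}),
                            forbidden_assertions=frozenset({"bad credit"}))
    r = {}
    r["monday"] = exercise(bob_to_joe, "calendar:schedule", holds, at(-10))[0]
    r["other_right"] = exercise(bob_to_joe, "file:read", holds, at(9))[0]
    joe_to_ann = sub_delegate(bob_to_joe, "Ann")
    r["ann_first"] = exercise(joe_to_ann, "calendar:schedule", holds, at(9))[0]
    r["ann_second"] = exercise(joe_to_ann, "calendar:schedule", holds, at(10))[0]
    try:
        sub_delegate(joe_to_ann, "Carl")
        r["depth_two"] = True
    except PermissionError:
        r["depth_two"] = False
    r["eve"] = exercise(sub_delegate(bob_to_joe, "Eve"), "calendar:schedule", holds, at(9))[0]
    return r
```

Because the use count is consumed along the whole chain, Ann's single appointment also exhausts Bob's original grant to Joe; if the intent were a separate budget per delegate, `exercise` would increment only the leaf link.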

[0045] Assertions that cannot be verified as originating from a particular source are relatively uninteresting and are not particularly useful. Thus, assertions can contain some indication of authentication. Such an indication is typically done by a method that verifies the identity of the source of the assertion or verifies the identity of someone who vouches for the identity of the source of the assertion. Preferably, the assertion can be verified using the information contained in the license itself. One method to accomplish such verification is digital signatures. A digital signature, or more simply a signature, can specifically identify one or more assertions and there could be multiple reasons for a signature. FIG. 5 illustrates an example of a signature specifically identifying assertions. As an example, A might send a message and sign it as a “Sender”. B might receive the message and validate that the signature matches the text, but not the validity of the sender's credentials, and mark their signature as “Notary”. C might then validate everything and make sure A's credentials are valid and mark “Verified”. D, knowing A, might add a signature (after verifying), “Corroborated”.

[0046] Another key aspect of a universal license is that the universal license may be augmented. In other words, the license can be extended without impacting existing indications of authentication, for example, digital signatures. For example, a user, Joe, may present a license to an admission service. The admission service validates the license and validates Joe's cryptographic proof and adds a countersignature attesting to the validity of the license presented by Joe. Joe may then present the license with the countersignature and may add a set of assertions about rights and sign them. In this way, the license is somewhat like a living passport.
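The claim/signature layout of FIGS. 2B-2D and [0030]-[0031], the reason-tagged signatures of [0045] and the augmentation step of [0046], as one added Python example that is not part of the patent. Claims and signatures live in separate sections, each signature names the claim IDs it covers and a reason, and the demo shows that appending a claim plus a countersignature leaves earlier signatures valid, while tampering with one claim invalidates only the signatures that reference it. HMAC-SHA256 with constructed per-party keys stands in for the digital signatures; the element and attribute names (License, Claims, Claim, Signature, Signer, Reason) are assumptions modeled on the “Claim ID=1” / “Signature ID=1” labels in the figures.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed secrets for the signing parties; HMAC-SHA256 stands in for the
# digital signatures the text refers to. With asymmetric keys only the
# sign/verify primitive changes, the license layout does not.
KEYS = {
    "HR": b"constructed-hr-key",
    "Notary": b"constructed-notary-key",
    "Admission": b"constructed-admission-key",
}


def new_license():
    root = ET.Element("License")
    ET.SubElement(root, "Claims")
    ET.SubElement(root, "Signatures")
    return root


def add_claim(lic, text):
    """Append a claim under the next free ID; existing claims are not touched."""
    claims = lic.find("Claims")
    claim_id = str(len(claims) + 1)
    ET.SubElement(claims, "Claim", ID=claim_id).text = text
    return claim_id


def _signed_bytes(lic, claim_ids, reason):
    """Canonical signing input: the reason plus each referenced claim (ID and text)."""
    claims = {c.get("ID"): c.text for c in lic.find("Claims")}
    parts = [reason] + ["%s=%s" % (cid, claims[cid]) for cid in claim_ids]
    return "\n".join(parts).encode()


def add_signature(lic, signer, claim_ids, reason):
    """Sign only the referenced claims and record the reason, as in FIG. 2D."""
    sigs = lic.find("Signatures")
    tag = hmac.new(KEYS[signer], _signed_bytes(lic, claim_ids, reason),
                   hashlib.sha256).hexdigest()
    sig = ET.SubElement(sigs, "Signature", ID=str(len(sigs) + 1), Signer=signer,
                        Reason=reason, Claims=",".join(claim_ids))
    sig.text = tag
    return sig.get("ID")


def verify(lic):
    """Return {signature ID: bool}; each signature is checked over its own claims only."""
    result = {}
    for sig in lic.find("Signatures"):
        claim_ids = sig.get("Claims").split(",")
        try:
            expected = hmac.new(KEYS[sig.get("Signer")],
                                _signed_bytes(lic, claim_ids, sig.get("Reason")),
                                hashlib.sha256).hexdigest()
        except KeyError:            # unknown signer, or a referenced claim is gone
            result[sig.get("ID")] = False
            continue
        result[sig.get("ID")] = hmac.compare_digest(expected, sig.text or "")
    return result


def demo():
    lic = new_license()
    c1 = add_claim(lic, "all Microsoft Research employees are Microsoft employees")
    c2 = add_claim(lic, "holder is John Smith")
    add_signature(lic, "HR", [c1], "Sender")
    add_signature(lic, "Notary", [c2], "Notary")
    before = verify(lic)
    # Augment ([0046]): a new claim and a countersignature; signatures 1 and 2 stay valid.
    c3 = add_claim(lic, "holder may download software")
    add_signature(lic, "Admission", [c2, c3], "Verified")
    after = verify(lic)
    # Alter claim 1 only: signature 1 breaks, the signatures over claims 2 and 3 still verify.
    lic.find("Claims").find("Claim[@ID='1']").text = "everyone is a Microsoft employee"
    tampered = verify(lic)
    return before, after, tampered, ET.tostring(lic, encoding="unicode")


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The per-claim granularity is what lets a verifier act on a partially damaged license: a relying party that only needs claim 3 can accept it on the strength of signature 3 even though signature 1 no longer verifies, which a single signature over the whole document would not allow.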

[0047] As shown in FIG. 1, the system 100 may include a plurality of elements. The elements may be separate devices, such as computer or processor devices, or some elements may be combined into a single physical device, while other elements remain in separate devices.

[0048] Each element may be included in one or more groups of elements. Elements are not limited to being included in only one group. For example, consider a system where clients download software from a software provider. The clients present a multipurpose license that is authenticated by an authenticator. Finally, an authorizer determines if a client is authorized to use the service. In such a system, any element that is included in the first group of elements is configured to provide the download service, using, for example, a web service. Any element included in a second group of elements is a client configured to present a multipurpose license, such as described above, to use the service. As mentioned above, the multipurpose license may include such things as one or more cryptographic keys for one or more recipients, delegation rights, assertions of trust, and conditions. Any element included in a third group of elements is configured to authenticate a holder of a multipurpose license. Finally, any element included in a fourth group is configured to authorize the holder of the multipurpose license to use the service according to the license.

[0049] FIG. 6 illustrates an exemplary system 600 having elements included in the four groups connected via network 602. The elements may be in one or more physical devices. Network 602 may be a single network, such as a local area network (LAN), or may be a network of networks, such as the Internet, or a Wide Area Network (WAN), or a combination of various types of networks.

[0050] Following on with the above example, element 604 provides a web service. Thus, element 604 is included in the first group of elements. Element 606 may be a user device or element. Thus, element 606 may present a multipurpose license to use a service. Element 608 may be an element for authenticating a holder of a license. Finally, element 610 may be an element for authorizing a holder of a multipurpose license to use a service.

[0051] The following is an example of how the four elements may be used. Element 606 sends a request to use the service to element 604, which provides the service. The exemplary request may include an ID of a user requesting access to the service and may include an indication of authentication, such as a digital signature of the user. Element 604 may forward the request to element 608 for authentication.

[0052] Element 608 authenticates the user. This may be done by, for example, checking the digital signature provided by element 606 to determine if the user is who he says he is. Once authentication has been performed by element 608, an indication of authentication, for example, a digital signature of element 608, may be appended to the license with an accompanying assertion by element 608 that “element 608 asserts that the identity of the user has been authenticated”.

[0053] The license may then be passed to element 610 to determine whether the specific authenticated user has authority to access the service. This may be done in a number of ways. For example, element 610 may consult an access control list (ACL) to determine whether the user is authorized for the requested type of access to the service. Alternatively, element 610 may have previously checked to determine whether the same user was authorized to access the service and may have returned a license to element 606 including the user's access rights from the ACL along with an indication of authentication, such as the digital signature of element 610. Thus, if element 606 has such a license, element 604 may save the license and may include the ACL and element 610's indication of authentication in the multipurpose license such that elements 608 and 610 may authenticate and authorize access based only on the information in the license.
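The four-element exchange of paragraphs [0051]-[0053], as an added Python example not taken from the patent: element 604 forwards the license to 608 for authentication and to 610 for authorization, 610 returns the user's ACL rights under its own signature, and a later request carrying those saved rights is decided from the license alone, without another ACL lookup. HMAC-SHA256 with constructed keys stands in for the digital signatures. The JSON layout and field names are assumptions, as is the validity window on saved rights, which the paragraphs do not mention but which keeps a prefetched grant from outliving a change to the ACL.

```python
import hashlib
import hmac
import json

# Constructed keys: HMAC-SHA256 stands in for the digital signatures of the user,
# the authenticator (element 608) and the authorizer (element 610).
KEYS = {"joe": b"constructed-user-key",
        "608": b"constructed-authenticator-key",
        "610": b"constructed-authorizer-key"}


def sign(signer, claim):
    body = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(KEYS[signer], body, hashlib.sha256).hexdigest()


def verify(signer, claim, tag):
    return signer in KEYS and hmac.compare_digest(sign(signer, claim), tag)


class Authenticator:
    """Element 608: checks the user's signature and appends its own assertion."""

    def authenticate(self, lic):
        req = lic["request"]
        if not verify(req["user"], req, lic["user_sig"]):
            return False
        claim = {"by": "608", "user": req["user"], "authenticated": True}
        lic["authn"] = {"claim": claim, "sig": sign("608", claim)}
        return True


class Authorizer:
    """Element 610: decides from prefetched, self-signed rights when present, else from the ACL."""

    def __init__(self, acl):
        self.acl = acl
        self.acl_lookups = 0

    def authorize(self, lic, now):
        req, authn = lic["request"], lic.get("authn")
        if (not authn or not verify("608", authn["claim"], authn["sig"])
                or authn["claim"]["user"] != req["user"]):
            return False
        rights = lic.get("rights")
        # Prefetched path: rights 610 itself signed earlier for this user, still unexpired.
        if (rights and verify("610", rights["claim"], rights["sig"])
                and rights["claim"]["user"] == req["user"]
                and rights["claim"]["service"] == req["service"]
                and now < rights["claim"]["expires"]):
            return req["access"] in rights["claim"]["allowed"]
        self.acl_lookups += 1
        allowed = self.acl.get((req["user"], req["service"]), [])
        claim = {"by": "610", "user": req["user"], "service": req["service"],
                 "allowed": allowed, "expires": now + 600}     # 10 minute window (assumption)
        lic["rights"] = {"claim": claim, "sig": sign("610", claim)}
        return req["access"] in allowed


class Service:
    """Element 604: forwards the license to 608 and then 610, returns the decision and license."""

    def __init__(self, authenticator, authorizer):
        self.authn, self.authz = authenticator, authorizer

    def handle(self, lic, now):
        ok = self.authn.authenticate(lic) and self.authz.authorize(lic, now)
        return ok, lic


def make_license(user, service, access, saved_rights=None):
    """Element 606 builds the request, signs it, and attaches any rights it saved earlier."""
    req = {"user": user, "service": service, "access": access}
    lic = {"request": req, "user_sig": sign(user, req)}
    if saved_rights:
        lic["rights"] = saved_rights
    return lic


def demo():
    authz = Authorizer({("joe", "download"): ["read"]})
    svc = Service(Authenticator(), authz)
    ok1, lic1 = svc.handle(make_license("joe", "download", "read"), now=1000)
    saved = lic1["rights"]                       # element 606 keeps 610's signed rights
    ok2, _ = svc.handle(make_license("joe", "download", "read", saved), now=1100)
    ok3, _ = svc.handle(make_license("joe", "download", "write", saved), now=1100)
    # Altered rights: the claim no longer matches 610's signature, so the ACL is consulted.
    altered = {"claim": dict(saved["claim"], allowed=["read", "write"]), "sig": saved["sig"]}
    ok4, _ = svc.handle(make_license("joe", "download", "write", altered), now=1100)
    ok5, _ = svc.handle(make_license("joe", "download", "read", saved), now=1601)
    return (ok1, ok2, ok3, ok4, ok5), authz.acl_lookups
```

Only the first, the altered and the expired requests reach the ACL; the second and third are decided purely from the license, the third being refused because the saved rights do not include write access.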

[0054] As mentioned previously, elements may belong to multiple groups. For example, in an alternate embodiment, element 604 may be included in the second, third and fourth groups. In such an alternative embodiment, element 604 is configured to provide the service, authenticate holders of the multipurpose license, and authorize access to the service.

[0055] Further, in other alternate embodiments, the system may not have elements that are included in each of the four groups. For example, in a system that provides unrestricted access to a service to all users, elements may not be included in the fourth group because there may not be a need to check if a particular user is authorized to access the service.

[0056] FIG. 7 shows another example in which a license can be used to maintain anonymity. A user, via element 702 (included in the second group), requests a service from element 700 (included in the first group) by sending the request to another service, element 704 (included in the first, third and fourth groups). The request may be a request to download software from the service at element 700. Element 704 determines that the user is authenticated (the user is who he says he is) and is authorized to access the service at element 700 for the download, returns a license to element 702 asserting that the user is authorized for the download, and may pass an ID via the license, such as, for example, ID 6341, to the user. The license may include an indication of authentication, such as a digital signature of element 704. Element 702 may then present the license to element 700 for the download. Alternatively, the license presented by element 702 may not include a user ID. Further, if a user ID such as 6341 is used, element 700 may report to element 704 a number of downloads that have been performed by a user having a particular ID, such as ID 6341. Note that although element 704 may have access to the ID of a user using element 702, the service at element 700 will either have no identification of the user, if a user ID does not appear in the license presented to the service at element 700, or element 700 is presented with an ID, such as ID 6341, which the service at element 700 will be unable to map to the user's identity.
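The anonymity arrangement of FIG. 7 and paragraph [0056], as an added Python example that is not the patent's code: element 704 issues a license carrying a random opaque ID (or no ID at all), element 700 counts downloads per ID and reports them, and only 704 can map the report back to users. The license signature is HMAC-SHA256 under a constructed key shared by 704 and 700; the field names and user names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from collections import Counter

KEY_704 = b"constructed-element-704-key"    # constructed; shared with 700 for verification


def _sign(lic):
    body = {k: v for k, v in lic.items() if k != "sig"}
    return hmac.new(KEY_704, json.dumps(body, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()


class Gatekeeper:
    """Element 704: knows who the user is, decides entitlement, issues pseudonymous licenses."""

    def __init__(self, entitled_users):
        self.entitled = set(entitled_users)
        self.pseudonyms = {}            # opaque ID -> user; this table never leaves 704

    def issue(self, user, include_id=True):
        if user not in self.entitled:
            return None
        lic = {"issuer": "704", "authorized": "download"}
        if include_id:
            pid = secrets.token_hex(8)  # random, so it carries no information about the user
            self.pseudonyms[pid] = user
            lic["id"] = pid
        lic["sig"] = _sign(lic)
        return lic

    def resolve(self, report):
        """Map element 700's per-ID counts back to users; IDs 704 never issued are dropped."""
        return {self.pseudonyms[pid]: n for pid, n in report.items() if pid in self.pseudonyms}


class DownloadService:
    """Element 700: sees only the license and never learns the user's identity."""

    def __init__(self):
        self.counts = Counter()

    def download(self, lic):
        if not lic or lic.get("authorized") != "download":
            return False
        if not hmac.compare_digest(_sign(lic), lic.get("sig", "")):
            return False                # ID or authorization changed after 704 signed
        self.counts[lic.get("id", "<no id>")] += 1
        return True

    def report(self):
        return dict(self.counts)


def demo():
    gk, svc = Gatekeeper(["alice", "bob"]), DownloadService()
    alice, bob = gk.issue("alice"), gk.issue("bob")
    anonymous_bob = gk.issue("bob", include_id=False)
    outcomes = [svc.download(alice), svc.download(alice), svc.download(bob),
                svc.download(anonymous_bob), svc.download(gk.issue("mallory"))]
    relabelled = dict(alice, id="0" * 16)   # ID swapped without 704's key: rejected
    outcomes.append(svc.download(relabelled))
    unlinkable = "alice" not in json.dumps(alice)
    return outcomes, svc.report(), gk.resolve(svc.report()), unlinkable
```

A random per-issue token, rather than a hash of the user name, is what makes the ID unlinkable: a hash could be confirmed by anyone able to guess the name, whereas the mapping above exists only in element 704's table.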

[0057] FIG. 8 is a functional diagram illustrating the functions within an exemplary processing device included in an element within the second group of elements for providing a service. The processing device includes service requester 802 for providing a request to a service (the request may include a multipurpose license), response receiver 804 for receiving a response from a service regarding the service request (the response may include access rights to use the service), and storage 806 for storing received access rights.

[0058] FIG. 9 is a functional diagram illustrating the functions within an exemplary processing device included in an element within the third group of elements for authenticating a holder of a license. The processing device includes license receiver 902 for receiving the license and authenticator 904 for authenticating an indication of authentication, such as, for example, a digital signature, to determine whether the holder of the license is who he claims to be.

[0059] FIG. 10 is a functional diagram illustrating the functions within an exemplary processing device included in an element within the fourth group of elements for checking whether the holder of a license is authorized for the requested access. The processing device includes license receiver 1002 for receiving the license and authorizer 1004 for determining whether the holder of the license is authorized. Authorizer 1004 may access an ACL to determine whether the requested access is to be permitted. If the requested access is permitted, authorizer 1004 sends an indication that the requested access is permitted. The indication may include a copy of the access rights of the holder and may include an indication of authentication, such as a digital signature from the processing device.

[0060] In the above embodiments, the functional elements of FIGS. 8 through 10 may be implemented via software, firmware, hardware or a combination of any of these. Further, instructions for configuring a processor to implement an embodiment of the invention may reside on a medium, such as computer memory, floppy disk, or removable optical disk. Furthermore, the different illustrations may be combined into at least one device in various combinations or may all be separate.

[0061] The present invention has been described in terms of preferred and exemplary embodiments thereof. Numerous other embodiments, modifications and variations within the scope and spirit of the appended claims will occur to persons of ordinary skill in the art from a review of this disclosure.

We claim as our invention:
 1. A computer-implemented method forimplementing a multipurpose license, the method comprising: using thelicense for authentication purposes; and using the license forauthorization purposes, wherein the license is used for a service. 2.The method of claim 1, wherein the license includes a cryptographic key.3. The method of claim 2, wherein the cryptographic key is a symmetrickey.
 4. The method of claim 3, wherein the symmetric key is encrypted.5. The method of claim 2, wherein the license includes a plurality ofcryptographic keys.
 6. The method of claim 5, wherein each of theplurality of cryptographic keys is targeted at different recipients. 7.The method of claim 1, further comprising including in the multipurposelicense a plurality of signatures from a plurality of authorities and,corresponding to each of the signatures, a reason why each of thesignatures is provided.
 8. The method of claim 7, wherein at least oneof the signatures is included for all of the reasons included in thelicense.
 9. The method of claim 7, wherein at least one of thesignatures is included for some of the reasons included in the license.10. The method of claim 7, wherein at least two of the signatures areeach included for a plurality of different reasons and the reasonscorresponding to one of the at least two signatures differ from thereasons corresponding to other(s) of the signatures.
 11. The method ofclaim 7, wherein at least two of the signatures are each included for aplurality of same reasons
 12. The method of claim 7, wherein at leasttwo of the signatures are each included for a plurality of reasons andsome of the reasons corresponding to one of the at least two signaturesare identical to the reasons corresponding to other(s) of thesignatures.
 13. The method of claim 7, further comprising extending thelicense without affecting existing ones of the signatures and thecorresponding reasons.
 14. The method of claim 7, further comprisingadding at least one signature and a corresponding reason why each of theat least one signature is provided without affecting already existingones of the signatures and the corresponding ones of the reasons. 15.The method of claim 1, further comprising including in the multipurposelicense a statement indicating at least one right that can be delegated.16. The method of claim 15, further comprising including in themultipurpose license at least one restriction regarding any of thedelegated right(s).
17. The method of claim 16, wherein at least some of the restriction(s) are specified using one of a compiled language, an interpreted language, a script language and an intermediate language.
18. The method of claim 16, wherein at least some of the restriction(s) are specified using a computer processing language.
19. The method of claim 16, wherein one of the restriction(s) pertains to a number of allowed sub-delegations.
20. The method of claim 16, wherein one of the restriction(s) pertains to a delegation target.
21. The method of claim 16, wherein one of the restriction(s) pertains to a delegation right that a delegation target must have for a sub-delegation to be valid.
22. The method of claim 16, wherein one of the restriction(s) pertains to a delegation right that a delegation target must not have for a sub-delegation to be valid.
23. The method of claim 15, wherein cryptographic keys are used to introduce delegates.
24. The method of claim 1, wherein the multipurpose license is free of identification information.
25. The method of claim 1, further comprising including identification information in the multipurpose license, wherein the identification information includes only an identifier that cannot be used by a third party device to identify a true holder of the multipurpose license.
26. The method of claim 1, further comprising including in the multipurpose license at least one encrypted element.
27. The method of claim 26, wherein the multipurpose license includes a plurality of elements encrypted with keys for different recipient devices.
28. The method of claim 27, wherein at least two of the elements are encrypted for one of the recipient devices.
29. The method of claim 27, wherein each of the elements is encrypted for a different one of the recipient devices.
30. The method of claim 1, further comprising including in the multipurpose license an indication by a signing authority that a named subject is to be trusted.
31. The method of claim 30, wherein the indication indicates conditions under which the named subject is to be trusted.
32. The method of claim 1, wherein the license includes one or more addressable parts.
33. The method of claim 32, wherein each of the addressable part(s) includes one of an assertion and an authentication.
34. A computer-implemented method for using prefetched information to access a service, the method comprising: sending a request to use the service; receiving, responsive to the request, a response including access rights to use the service; saving the access rights to use the service; and sending an access request to use the service, the access request including the saved access rights to use the service.
35. The method of claim 34, wherein the saving of the access rights to use the service comprises saving a license to use the service, the license including access rights information, the method further comprising sending the license to a user who requested access to the service.
36. The method of claim 34, wherein: the receiving of the response includes an indication that the response includes information from a verifiable source, and the sending of the access request to use the service includes a second license, the second license including the access rights to use the service and an indication that the access rights are from a verifiable source.
37. The method of claim 34, further comprising the service making an authentication/authorization decision based only on information included in the access request.
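The prefetch flow of claims 34 to 37 (request rights once, save them, present the saved copy, and let the service decide from the request alone), as an added example that is not code from the patent. Assumed and constructed: an issuer party holding `ISSUER_KEY`, which the service also holds as its only long-term state, and the `grant` field layout.

```python
import hashlib, hmac, json

# Constructed key shared by the issuer that grants access rights and the
# service that later checks them; the service keeps no per-client state.
ISSUER_KEY = b"constructed-issuer-key"

def _mac(obj):
    # Canonical JSON so the authenticator covers exactly the fields checked later.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()

def issue_rights(subject, service, rights):
    """Response to the initial request: access rights plus an indication that
    they come from a verifiable source (the issuer's authenticator)."""
    grant = {"subject": subject, "service": service, "rights": sorted(rights)}
    return {"grant": grant, "issuer_mac": _mac(grant)}

class Client:
    """Prefetches rights once, then presents the saved copy on every access."""
    def __init__(self, name):
        self.name, self.saved = name, {}

    def prefetch(self, service_name, rights):
        self.saved[service_name] = issue_rights(self.name, service_name, rights)

    def access(self, service, action):
        # The access request carries the saved license; no further round trip.
        return service.handle({"action": action, "license": self.saved[service.name]})

class Service:
    """Decides using only the contents of the access request (claim 37)."""
    def __init__(self, name):
        self.name = name

    def handle(self, request):
        signed = request["license"]
        grant = signed["grant"]
        if not hmac.compare_digest(_mac(grant), signed["issuer_mac"]):
            return "denied: rights are not from a verifiable source"
        if grant["service"] != self.name:
            return "denied: license was issued for a different service"
        if request["action"] not in grant["rights"]:
            return "denied: right not granted"
        return "ok"
```

The service never consults the issuer or a session store at access time, which is what lets a saved license be replayed against a high-availability service; a license altered after issue or issued for another service fails the checks that rely only on the request.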
38. A system for using a multipurpose license comprising: a plurality of elements arranged to communicate with one another, each of the elements belonging to at least one of a plurality of groups, wherein: the elements communicate by passing a multipurpose license, the multipurpose license including a plurality of assertions and indications of authenticity, the plurality of groups comprises: a first group for providing a service, a second group for presenting a multipurpose license to use the service, a third group for authenticating a holder of the multipurpose license, and a fourth group for authorizing the holder of the multipurpose license to use the service according to the license.
39. The system of claim 38, wherein when there is an element in the second group, the element in the second group is arranged to include a cryptographic key in the multipurpose license.
40. The system of claim 39, wherein the cryptographic key is a symmetric key.
41. The system of claim 40, wherein the symmetric key is encrypted.
42. The system of claim 40, wherein the multipurpose license includes a plurality of cryptographic keys.
43. The system of claim 42, wherein each of the plurality of cryptographic keys is targeted at different recipients.
44. The system of claim 38, wherein at least some of the elements are arranged to include in the multipurpose license an indication of authentication from an authority and a corresponding reason indicating why the indication is added.
45. The system of claim 44, wherein the at least some of the elements are arranged to extend the multipurpose license without affecting existing ones of the indications and the corresponding reasons included in the multipurpose license.
46. The system of claim 44, wherein at least some of the elements are arranged to add at least one indication of authentication and a corresponding reason why each of the additional indication of authentication(s) is added without affecting existing ones of the indication of authentication(s) and the corresponding ones of the reasons included in the multipurpose license.
47. The system of claim 38, wherein when any of the elements are in the second group, the element(s) in the second group are arranged to include at least one delegated right within the multipurpose license.
48. The system of claim 47, wherein when any of the elements are in the second group, the element(s) in the second group are arranged to include at least one restriction regarding any of the delegated right(s).
49. The system of claim 48, wherein at least some of the restriction(s) are specified using one of a compiled language, an interpreted language, a script language and an intermediate language.
50. The system of claim 48, wherein at least some of the restriction(s) are specified using a computer processing language.
51. The system of claim 48, wherein one of the restriction(s) pertains to a number of allowed sub-delegations.
52. The system of claim 48, wherein one of the restriction(s) pertains to a delegation target.
53. The system of claim 48, wherein one of the restriction(s) pertains to a delegation right that a delegation target must have for a sub-delegation to be valid.
54. The system of claim 48, wherein one of the restriction(s) pertains to a delegation right that a delegation target must not have for a sub-delegation to be valid.
55. The system of claim 47, wherein cryptographic keys are used to introduce delegates.
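A verifier for a chain of delegated rights that enforces the four restriction kinds named in claims 19 to 22 and 51 to 54 (sub-delegation count, delegation target, a right the target must have, a right the target must not have), as an added example that is not code from the patent. Assumed and constructed: delegates are introduced by the symmetric key the verifier shares with each of them (`KEYS`), the verifier already attributes some rights to principals from earlier licenses (`HOLDS`), and the restriction field names are made up for the example.

```python
import hashlib, hmac, json

# Constructed directory: the verifier shares a symmetric key with each principal
# and knows, from licenses it validated earlier, which rights each already holds.
KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol", "dave": b"k-dave"}
HOLDS = {"bob": {"employee"}, "carol": {"employee"}, "dave": {"contractor"}}

def _mac(issuer, link):
    data = json.dumps(link, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEYS[issuer], data, hashlib.sha256).hexdigest()

def make_link(issuer, target, rights, restrictions=None):
    """One delegation step; the issuer's authenticator is the link's indication
    of authenticity. Restrictions govern any further sub-delegation."""
    link = {"issuer": issuer, "target": target, "rights": sorted(rights),
            "restrictions": restrictions or {}}
    return {"link": link, "mac": _mac(issuer, link)}

def verify_chain(chain, root, root_rights):
    """Walk a chain of links from the root holder. Returns (ok, reason, rights)."""
    holder, held = root, set(root_rights)
    for i, signed in enumerate(chain):
        link, target = signed["link"], signed["link"]["target"]
        if link["issuer"] != holder:
            return False, f"link {i}: issuer is not the current holder", set()
        if not hmac.compare_digest(_mac(holder, link), signed["mac"]):
            return False, f"link {i}: bad authenticator", set()
        if not set(link["rights"]) <= held:
            return False, f"link {i}: delegates rights the issuer does not hold", set()
        # Restrictions attached by every earlier link still bind this sub-delegation.
        for j in range(i):
            r = chain[j]["link"]["restrictions"]
            if i - j > r.get("max_sub_delegations", float("inf")):
                return False, f"link {i}: exceeds sub-delegation limit from link {j}", set()
            if "allowed_targets" in r and target not in r["allowed_targets"]:
                return False, f"link {i}: target not allowed by link {j}", set()
            if not set(r.get("target_must_have", [])) <= HOLDS.get(target, set()):
                return False, f"link {i}: target lacks a right required by link {j}", set()
            if set(r.get("target_must_not_have", [])) & HOLDS.get(target, set()):
                return False, f"link {i}: target holds a right forbidden by link {j}", set()
        holder, held = target, set(link["rights"])
    return True, "ok", held
```

Each link can only narrow what the previous holder had, and a restriction stays in force for every later hop, so a delegate cannot shed a limit by re-delegating through an intermediary.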
56. The system of claim 31, wherein the multipurpose license is arranged to be free of identification information.
57. The system of claim 38, wherein when the multipurpose license includes identification information, the identification information includes only an identifier that cannot be used by a third party device to identify a true holder of the multipurpose license.
58. The system of claim 38, wherein the multipurpose license includes at least one encrypted element.
59. The system of claim 58, wherein the multipurpose license includes a plurality of elements encrypted with keys for different recipient devices.
60. The system of claim 38, wherein the multipurpose license is arranged to include an indication by a signing authority that a named subject is to be trusted.
61. The system of claim 60, wherein the indication indicates at least one condition under which the named subject is to be trusted.
62. The system of claim 60, wherein the indication indicates at least one condition under which the named subject is not to be trusted.
63. A processing device arranged to communicate with a service, the processing device comprising: a service requester for requesting use of a service; a response receiver for receiving a response regarding requesting use of the service, the response including access rights to use the service; and a storage component for storing the received access rights to use the service, wherein the service requester is arranged to send an access request to use the service, the access request including a copy of the saved access rights.
64. The processing device of claim 63, wherein: the response includes an authentication from an issuer, and when the service requester sends the access request to use the service, the access request includes a second license, the second license including the access rights to use the service and the authentication of the issuer of the second license.
65. A processing device arranged to communicate with a service, the processing device comprising: a license receiver for receiving a license; and an authenticator for authenticating a user based only on information included in the license.
66. The processing device of claim 65, wherein the information included in the license comprises access control information and an indication of authenticity from an authorized source.
67. A processing device arranged to communicate with a service, the processing device comprising: a license receiver for receiving a license; and an authorizer for authorizing access to a service based only on information included in the license.
68. The processing device of claim 67, wherein the information included in the license comprises access control information and an indication of authenticity from an authorized source.